Snowplow8861

joined 1 year ago
[–] Snowplow8861@lemmus.org 2 points 11 months ago

Sure was! You need to be on top of paid and free and open source software from a security stand point. There's no shortcut no matter what you think you're paying for. Your threat model might be better when the service automates a Web proxy for you, but that's only one facet. You trade problems but should never feel like you can "set and forget". Sometimes it's better for you to do it yourself because there's no lying about responsibilities that way.

[–] Snowplow8861@lemmus.org 3 points 1 year ago (2 children)

Plex was how last pass got hacked. https://www.howtogeek.com/147554/lastpass-data-breach-shows-why-plex-updates-are-important/

You still need to do stuff even if it is plex.

[–] Snowplow8861@lemmus.org 1 points 1 year ago

Is the copied file going to a usb? Is the usb fake? Otherwise I'm pretty sure your source is bad. Probably the disk sector if you're sure the file was at some point complete.

Something like btrfs probably does block cloning or similar so a copy to the same disk probably just points at the same disk blocks as the original.

ffmpeg -v error -i file.avi -f null - 2>error.log

Check the source probably

[–] Snowplow8861@lemmus.org 11 points 1 year ago (1 children)

Five words into the article says

Apple’s internal presentation from 2013

Literally at the top under TL;DR

[–] Snowplow8861@lemmus.org 1 points 1 year ago* (last edited 1 year ago)

How are they placing this data? Api? Not possible to align disk tiers to api requests per minute? Api response limited to every 1ms for some clients, 0.1ms rate for others?

You're pretty forthcoming about the problems so I do genuinely hope you get some talking points since this issue affects, app&db design, sales, and maintenance teams minimally. Considering all aspects will give you more chance for the business to realise there's a problem that affects customer experience.

I think from handling tickets, maybe processes to auto respond to rate limited/throttled customers with 'your instance been rate limited as it has reached the {tier limit} as per your performance tier. This limit is until {rate limit block time expiry}. Support tickets related to performance or limits will be limited to P3 until this rate limit expires."

Work with your sales and contracts team to update the sla to exclude rate limited customers from priority sla.

I guess I'm still on the "maybe there's more you can do to get your feet out of the fire for customer self inflicted injury" like correctly classifying customer stuff right. It's bad when one customer can misclassify stuff and harm another customer with an issue by jumping a queue and delaying response to real issues, when it's working as intended.

If a customer was warned and did it anyway, it can't be a top priority issue, which is your argument I guess. Customers who need more, but pay for less and then have a expectation for more than they get. It's really not your fault or problem. But if it's affecting you I guess I'm wondering how to get it to affect you less.

[–] Snowplow8861@lemmus.org 10 points 1 year ago (5 children)

If it's possible to do, and it causes a user experience issue, especially one as jarring as "stop accepting writes" you should start adding rate limits and validate inputs with rate limits expressed to the user before they hit the error rate.

To me you should already be sanitising input anyway, and this would just be part of that logic. If a user is trying to upload more than x it warns (with link to documentation of the limit). If user has gone past the rate limits, then error.

I'm not a sre or dev, just a sysadmin though. Users expect guard rails. If it's possible, it's permitted.

[–] Snowplow8861@lemmus.org 1 points 1 year ago

There have been a few cases where ports are blocked. For example on many residential port 25 is blocked. If you pay and get a static ip this often gets unblocked. Same with port 10443 on a few residential services. There's probably more but these are issues I've seen.

If you think about how trivial these are to bypass, but also that often aligns to fixing the problem for why they're blocked. Iirc port 10443 was abused by malicious actors when home routers accepted Nat- pnp from say an unpatched qnap. Automatically forwarding inbound traffic on 10443 to the nas which has terrible security flaws and was part of a wide spread botnet. If you changed the Web port, you probably also are maintaining the qnap maybe. Also port 25 can be bypassed by using start-tls authenticated mail on 587 or 465 and therefore aren't relaying outbound mail spam from infected local computers.

Overall fair enough.

[–] Snowplow8861@lemmus.org 131 points 1 year ago* (last edited 1 year ago) (3 children)

It's paraphrasing Torvalds himself though. It's a cheeky title.

"... and I have absolutely no excuses to delay the v6.6 release any more, so here it is,"

[–] Snowplow8861@lemmus.org 1 points 1 year ago

Mm, not quite, when say having 60+staff work in a single building model you need something that allows object locking so stag can work on part of a building and check it in and out.

I'm not the architect, I'm the sysadmin that designs and builds the server/network infrastructure for a half dozen architecture firms, some which have over 300 architects spread around Australia, Europe, and south East Asia. That mostly means running up servers to host BIM and BIM cache servers, as well as maintaining PIM servers.

To be honest I quizzed you because I honestly never heard of it and my life revolves around both revit and bim360, revit and revit self hosted bim servers, or archicad. Not that I do anything much in them, BIM managers generally administrate their own BIM instances and their teams. But some of the projects are in the billions of dollars that you'll find on featured on the b1m YouTube channel.

Id argue that while the architects themselves are by and far the largest cost, the largest IT cost is the modelling software. I've even had some people using unreal engine to do parts of their work now especially for customer facing flythrough demonstrations and city view with time of day and all that.

So I'm pretty open minded to keeping my ears open to new software since I'm never sure what to expect. It would be interesting to see if it could ever be possible to do one of these megaprojects in open source. But my gut says it's unlikely.

[–] Snowplow8861@lemmus.org 2 points 1 year ago (2 children)

Does it connect to the same arcgis BIM servers so I can work with my coworkers, in real architecture projects?

[–] Snowplow8861@lemmus.org 5 points 1 year ago

They'll be in a hardware security module, just like the computer should be storing encryption keys with the tpm. Tbh I don't know what's actively implemented but definitely on the devices I manage in MDM they're non-compliant without that. I'm sure you probably can get cheap devices without though. Just like you can get home level laptops without tpm.

view more: next ›